How does securely obtain and verify openjdk repositories as a non-contributor?
David Black
dblack at atlassian.com
Fri Sep 21 18:55:38 UTC 2018
On 31 August 2018 at 20:16, Bradford Wetmore
<bradford.wetmore at oracle.com> wrote:
> I would suggest contacting ops at openjdk.java.net, they should be able to
> answer these kinds of infrastructure questions.
Hi, I have emailed that address but I am yet to hear back.
Additionally, I have raised a bug with AdoptOpenJDK about how they
obtain OpenJdk sources
(https://github.com/AdoptOpenJDK/openjdk-build/issues/514).
--
David Black / Security Engineer.
More information about the security-dev
mailing list